Semantise Ltd General Data Protection Statement

• All Semantise data is stored and processed in UKFast data centres, Manchester, UK. Semantise Limited only processes the personal data only further to document instructions from the controller.

• Semantise uses Stripe for payments processing. Stripe is certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework.

• All persons who are employed by Semantise Limited and authorised to process the personal data are bound by a contractual duty of confidentiality.

• Semantise take all appropriate technical and organisational measures to comply with GDPR.

• Some Semantise services uses third party technology for MIS synchronisation. Semantise obtain the controller's written consent to engage these sub-processors.

• Semantise will only use sub-processors that are General Data Protection Rights compliant.

• Semantise will assist the controller by taking appropriate technical and organisational measures, insofar as possible, to ensure fulfilment of the controller's obligation to reply to requests by data subjects exercising their rights.

• Semantise will assist the controller in ensuring compliance with its security and certain other obligations, taking into account the nature of the processing and the information available to the processor.

• Semantise, at the controller's choosing and where appropriate, will delete or return all personal data to the controller upon completion of the processing services and return any existing copies of the data, unless EU or Member State law requires that the personal data be stored.

• Semantise will, where appropriate, make available to the controller all information necessary to demonstrate compliance with its obligations and allow and cooperate fully with audits, including inspections, conducted by the controller or another person authorised to this end by the controller.

• Semantise does not transfer any of the controllers' personal data to outside of the EU without the permission of the controller.

• Semantise will notify the controller in writing of any suspected data breaches within 24 hours.

Please also see: